
[Solved] Bitcoin miner virus, problem with removing it

boltazy 23 Jul 2021 16:14 1806 4
  • #1 19533264
    boltazy
    Level 2
    Posts: 3
    Rating: 2
    Hello
    A few days ago, probably while downloading a torrent, I caught a bitcoin miner virus. I scanned the computer with various programs, including Malwarebytes; unfortunately the virus keeps coming back. The computer runs terribly slowly and pages load slowly.
    I'm attaching the FRST scans.
    Attachments:
    • FRST.txt (33.62 KB)
    • Addition.txt (54.84 KB)
  • Helpful post
    #2 19533382
    krzychupar
    Level 43
    Posts: 6807
    Helped: 1490
    Rating: 633
    Uninstall:
    CCleaner

    Open Notepad and paste:

    CloseProcesses:
    CreateRestorePoint:
    Hosts:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd -> Piriform Ltd)
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\MountPoints2: F - "F:\SETUP.EXE"
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\MountPoints2: {06ac4b4b-9186-11e6-8275-ecb1d7305dfe} - "F:\LG_PC_Programs.exe"
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\MountPoints2: {5d0dd7a4-0c4b-11e9-828e-ecb1d7305dfe} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\MountPoints2: {5d0dd7b0-0c4b-11e9-828e-ecb1d7305dfe} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\MountPoints2: {bb51ba9e-be4d-11e9-829c-ecb1d7305dfe} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\MountPoints2: {bb51bace-be4d-11e9-829c-ecb1d7305dfe} - "F:\HiSuiteDownLoader.exe"
    BootExecute: autocheck autochk * sdnclean64.exe
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
    HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    Task: {2CCAD8B6-4E91-4A5B-8C59-66193E3A8812} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd -> Piriform Ltd)
    Task: {ADD51F09-6D8D-4D2C-9A0F-A7F3D4B32DB2} - System32\Tasks\Opera scheduled Autoupdate 1470214841 => C:\Program Files (x86)\Opera\launcher.exe [2264784 2021-07-07] (Opera Software AS -> Opera Software)
    Task: {E2425EFE-23D4-4E1F-BD71-9ADAC3A38620} - System32\Tasks\Opera scheduled assistant Autoupdate 1581066384 => C:\Program Files (x86)\Opera\launcher.exe [2264784 2021-07-07] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0)
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg]
    U0 Partizan; system32\drivers\Partizan.sys [X]
    U4 SecurityHealthService; Brak ImagePath
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where you have FRST.exe.
    Run FRST and click Fix/Napraw.

    Use AdwCleaner and Mbam and remove whatever they detect.
  • Helpful post
    #3 19533414
    Kolobos
    Computer specialist
    Posts: 85169
    Helped: 17166
    Rating: 10445
    Uninstall:
    SpyHunter 5
    GridinSoft Anti-Malware

    Run Fixlist.txt for FRST:
    CloseProcesses:
    () [Brak podpisu cyfrowego] C:\Users\macio_boltazy\AppData\Roaming\.dllbackups\data\modules\dll-host\res\openhardwaremonitor\OpenHardwareMonitorReport.exe
    (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
    (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
    (EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
    (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Users\macio_boltazy\AppData\Roaming\.dllbackups\data\modules\dll-propagation\dll-propagation_1.3.27.exe
    (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu] C:\Users\macio_boltazy\AppData\Roaming\.dllbackups\dllruntime.exe
    (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Users\macio_boltazy\AppData\Local\Temp\1qM2AuoaqSRroAy9MhJo9ieKinQ\dll-propagation.exe <3>
    (Microsoft Corporation) [Brak podpisu cyfrowego] C:\Users\macio_boltazy\AppData\Local\Temp\1vMAwwMgMfLcPDKfOxo4YgOvByK\dllservices.exe <4>
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
    HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files (x86)\Opera\assistant\browser_assistant.exe [4079824 2021-07-21] (Opera Software AS -> Opera Software)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-13] (Piriform Ltd -> Piriform Ltd)
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\Run: [electron.app.dllservices] => C:\Users\macio_boltazy\AppData\Roaming\.dllbackups\dllruntime.exe [63098833 2021-07-21] (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu]
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\MountPoints2: F - "F:\SETUP.EXE"
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\MountPoints2: {06ac4b4b-9186-11e6-8275-ecb1d7305dfe} - "F:\LG_PC_Programs.exe"
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\MountPoints2: {5d0dd7a4-0c4b-11e9-828e-ecb1d7305dfe} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\MountPoints2: {5d0dd7b0-0c4b-11e9-828e-ecb1d7305dfe} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\MountPoints2: {bb51ba9e-be4d-11e9-829c-ecb1d7305dfe} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\MountPoints2: {bb51bace-be4d-11e9-829c-ecb1d7305dfe} - "F:\HiSuiteDownLoader.exe"
    BootExecute: autocheck autochk * sdnclean64.exe
    HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ograniczenia <==== UWAGA
    HKLM\SOFTWARE\Policies\Google: Ograniczenia <==== UWAGA
    Task: {2CCAD8B6-4E91-4A5B-8C59-66193E3A8812} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6851288 2016-07-13] (Piriform Ltd -> Piriform Ltd)
    Task: {ADD51F09-6D8D-4D2C-9A0F-A7F3D4B32DB2} - System32\Tasks\Opera scheduled Autoupdate 1470214841 => C:\Program Files (x86)\Opera\launcher.exe [2264784 2021-07-07] (Opera Software AS -> Opera Software)
    Task: {E2425EFE-23D4-4E1F-BD71-9ADAC3A38620} - System32\Tasks\Opera scheduled assistant Autoupdate 1581066384 => C:\Program Files (x86)\Opera\launcher.exe [2264784 2021-07-07] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Program Files (x86)\Opera\assistant" $(Arg0)
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg]
    R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [12872144 2021-07-22] (EnigmaSoft Limited -> EnigmaSoft Limited)
    R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [526800 2021-07-22] (EnigmaSoft Limited -> EnigmaSoft Limited)
    R3 EnigmaFileMonDriver; C:\windows\system32\Drivers\EnigmaFileMonDriver.sys [76744 2021-07-22] (EnigmaSoft Limited -> EnigmaSoft Limited)
    S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [38216 2021-07-16] (GridinSoft, LLC -> GridinSoft LLC)
    U0 Partizan; system32\drivers\Partizan.sys [X]
    U4 SecurityHealthService; Brak ImagePath
    2021-07-22 20:17 - 2021-07-23 15:48 - 000000000 ____D C:\Users\macio_boltazy\Desktop\FRST-OlderVersion
    2021-07-22 18:04 - 2021-07-22 18:04 - 000000872 _____ C:\Users\Public\Desktop\GridinSoft Anti-Malware.lnk
    2021-07-22 18:04 - 2021-07-22 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
    2021-07-22 18:03 - 2021-07-22 18:04 - 000000000 ____D C:\Program Files\GridinSoft Anti-Malware
    2021-07-22 18:03 - 2021-07-22 18:03 - 000000000 ____D C:\ProgramData\GridinSoft
    2021-07-22 15:56 - 2021-07-22 20:09 - 000076744 _____ (EnigmaSoft Limited) C:\windows\system32\Drivers\EnigmaFileMonDriver.sys
    2021-07-22 15:56 - 2021-07-22 15:56 - 000001017 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyHunter5.lnk
    2021-07-22 15:56 - 2021-07-22 15:56 - 000000993 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
    2021-07-22 15:56 - 2021-07-22 15:56 - 000000000 ____D C:\sh5ldr
    2021-07-22 15:56 - 2021-07-22 15:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
    2021-07-22 15:56 - 2021-07-22 15:56 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
    2021-07-22 15:55 - 2021-07-22 15:55 - 000000000 ____D C:\Program Files\EnigmaSoft
    2021-07-22 15:54 - 2021-07-22 15:55 - 006611920 _____ (EnigmaSoft Limited) C:\Users\macio_boltazy\Downloads\SpyHunter-5.10-89-11044-Installer.exe
    2021-07-21 19:12 - 2021-07-23 14:09 - 000000000 ____D C:\Users\macio_boltazy\AppData\Roaming\dll-propagation
    2021-07-21 19:11 - 2021-07-23 14:08 - 000000000 ____D C:\Users\macio_boltazy\AppData\Roaming\dllservices
    2021-07-21 19:11 - 2021-07-21 19:34 - 000000000 ___HD C:\Users\macio_boltazy\AppData\Roaming\.dllbackups
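An added triage example, not part of this thread and not code from FRST or from either helper: a small Python script that scans FRST-style log lines for the indicator classes both fixlists above (posts #2 and #3) act on: policy keys restricting Windows Defender or the browsers (which this FRST build flags as "Ograniczenia <==== UWAGA"), autorun entries and running processes that are unsigned or live under the user's AppData, services with no ImagePath, and hidden directories inside the profile. The sample lines are constructed from entries quoted above, the marker strings are the ones the Polish FRST build prints (another language build prints different wording for the same flags), and the regexes, reason codes and function names are my own.

```python
import re
from dataclasses import dataclass

# Localised markers exactly as the Polish FRST build prints them in the logs above.
UNSIGNED = "[Brak podpisu cyfrowego]"      # file has no valid digital signature
RESTRICTION = "Ograniczenia <==== UWAGA"   # policy key restricting a security product / browser
NO_IMAGEPATH = "Brak ImagePath"            # service registered without a binary path

USER_PROFILE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
RUN_ENTRY = re.compile(r"\\Run: \[[^\]]+\] => ", re.IGNORECASE)
# "date time - date time - size attrs path" lines from the file listing section
LISTING = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ (\S+) (.+)$")
BINARY_PATH = re.compile(r'[A-Za-z]:\\[^\[<"]+?\.(?:exe|dll|sys)\b', re.IGNORECASE)

# Constructed sample: lines copied from the fixlists in this thread plus one benign
# signed Run entry (SunJavaUpdateSched) that must not be flagged.
SAMPLE_FRST_LINES = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646776 2020-03-12] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-4141326900-2724353818-2992216676-1001\...\Run: [electron.app.dllservices] => C:\Users\macio_boltazy\AppData\Roaming\.dllbackups\dllruntime.exe [63098833 2021-07-21] (Microsoft Corporation) [Brak podpisu cyfrowego] [Plik w użyciu]
() [Brak podpisu cyfrowego] C:\Users\macio_boltazy\AppData\Roaming\.dllbackups\data\modules\dll-host\res\openhardwaremonitor\OpenHardwareMonitorReport.exe
(Microsoft Corporation) [Brak podpisu cyfrowego] C:\Users\macio_boltazy\AppData\Local\Temp\1qM2AuoaqSRroAy9MhJo9ieKinQ\dll-propagation.exe <3>
U4 SecurityHealthService; Brak ImagePath
2021-07-21 19:11 - 2021-07-21 19:34 - 000000000 ___HD C:\Users\macio_boltazy\AppData\Roaming\.dllbackups
"""


@dataclass(frozen=True)
class Finding:
    reason: str  # short indicator code
    line: str    # the FRST line that triggered it


def triage(frst_text: str) -> list[Finding]:
    """Scan FRST output and return one Finding per line that matches an indicator."""
    findings: list[Finding] = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        in_profile = bool(USER_PROFILE.search(line))
        unsigned = UNSIGNED in line
        listing = LISTING.match(line)
        if RESTRICTION in line:
            findings.append(Finding("policy_restriction", line))
        elif NO_IMAGEPATH in line:
            findings.append(Finding("service_missing_imagepath", line))
        elif RUN_ENTRY.search(line) and (unsigned or in_profile):
            # Autorun pointing at an unsigned binary or into the user profile
            findings.append(Finding("autorun_suspicious", line))
        elif line.startswith("(") and unsigned and in_profile:
            # Running-process line: "(publisher) [flags] path"
            findings.append(Finding("unsigned_process_in_profile", line))
        elif listing and "H" in listing.group(1) and in_profile:
            # Attribute field contains H: hidden directory/file inside AppData
            findings.append(Finding("hidden_dir_in_profile", line))
    return findings


def paths_to_review(findings: list[Finding]) -> list[str]:
    """Unique binary paths mentioned by the findings, for hashing and quarantine review."""
    paths = {m.group(0) for f in findings for m in BINARY_PATH.finditer(f.line)}
    return sorted(paths)


if __name__ == "__main__":
    results = triage(SAMPLE_FRST_LINES)
    for f in results:
        print(f"{f.reason:30} {f.line[:90]}")
    print("paths to review:")
    for p in paths_to_review(results):
        print("  " + p)
```

The script only reads the log; it deliberately deletes nothing, so the reviewed paths can be hashed and checked before a fixlist like the ones above is built. Point it at a saved FRST.txt by replacing the sample string with the file's contents.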
  • #4 19533464
    boltazy
    Level 2
    Posts: 3
    Rating: 2
    It helped! The computer runs great now :). Thank you very much for the help and the time you spent! Kind regards
  • #5 19534496
    boltazy
    Level 2
    Posts: 3
    Rating: 2
    I followed the instructions from user "krzychupar".